| Age | Commit message (Collapse) | Author |
|---|
|
the latests that will work.
|
|
|
|
New soledad-common depends on `python-treq`, which
is only available in debian stretch.
We pin all stretch packages to 1 (same as for sid), which
means (from `man apt_preferences`):
"causes a version to be installed only if there is no
installed version of the package"
- Resolves: #8836
|
|
|
|
|
|
leap-mx is now independent of leap-keymanager and
we can remove this dependency now.
see https://0xacab.org/leap/leap_mx/issues/8558
|
|
|
|
|
|
|
|
Resolves: #8792
|
|
There are different reasons for this:
- Using `stdbuf` will correctly return and non-zero
exit code so when something breaks during CI `gitlab-runner`
will mark the build as failed (Resolves: #8821).
- `stdbuf` is already installed by the `coreutils` package and
thus saves diskspace
|
|
Resolves: #8828
|
|
|
|
|
|
Delay a hard state of the APT check for 1 day
so unattended_upgrades has time to upgrade packages.
Resolves: #8748
|
|
Currently, the platform configures the `snapshots` component in
/etc/apt/sources.list.d/leap.list.
`snapshots` contains packages uploaded by feature branches and merge
requests so we change to `master` (which contains packges built from
changes to the master branches.
Resolves: #8828
|
|
It's just too much mail...
And there are other tools like nagstamon that are better suited to get
an overview what's failing.
Resolves: #8772
|
|
|
|
After `puppet-catalog-test` has been recently updated it failed
in our CI with:
File[/etc/apt/sources.list] has notify relationship to invalid
resource Exec[apt_updated]
See #8814 for more details.
Resolves: #8814
https://github.com/invadersmustdie/puppet-catalog-test/commit/ac386793c2c456d2071dd0adda716224128f0bb3
|
|
We moved from develop to master some time ago so
we should use master for CI testing as well.
|
|
|
|
|
|
|
|
|
|
Eth0 is vagrant's main interface to access the box
|
|
|
|
|
|
|
|
|
|
|
|
Without private networking, the box cannot get directly
accessed, only via port forwardings.
https://www.vagrantup.com/docs/networking/private_network.html
- Resolves: #7769
|
|
Virtualbox adds eth1 as second interface when private networking
is enabled.
- Related: #7769
|
|
closes #8414 as well
|
|
|
|
Depending whether couchdb is running on the same node as
nickserver, couchdb is available on localhost:
- When couchdb is running on a different node: Via stunnel, which is
bound to 4000.
- When couchdb is running on the same node: On port 5984
Resolves: #8793
|
|
|
|
|
|
|
|
We should include this in soledad-server package as
dependency but until we sorted out this, we depend
soledad-server on ssl-cert in the platform.
see https://0xacab.org/leap/soledad/issues/8849 for
|
|
|
|
Resolves: #8791
|
|
The newer version is needed for the single-hop functionality.
|
|
This makes a more clear site_tor::relay class that the leap service
includes, and a more generic site_tor class that other classes can
depend on for setting up the initial install.
|
|
|
|
|
|
Limit ci.leap.se deployment to leap/master (Closes #8782)
Closes #8782
See merge request !83
|
|
|
|
This gets us a simple apt repository privilege separation:
(a) our key can't be used to forge other repos
(b) other keys can't be used to forge our repo.
From sources.list(5):
· Signed-By (signed-by) is either an absolute path to a keyring
file (has to be accessible and readable for the _apt user, so ensure
everyone has read-permissions on the file) or one or more
fingerprints of keys either in the trusted.gpg keyring or in the
keyrings in the trusted.gpg.d/ directory (see apt-key
fingerprint). If the option is set, only the key(s) in this keyring
or only the keys with these fingerprints are used for the
apt-secure(8) verification of this repository. Defaults to the value
of the option with the same name if set in the previously acquired
Release file. Otherwise all keys in the trusted keyrings are
considered valid signers for this repository.
|
|
|
|
|
